Cybercriminals have managed to infiltrate over a dozen mobile carriers around the world and gain complete control of their networks without their knowledge according to new research from Cybereason.
Last year, the Cybereason Nocturnus team discovered an advanced, persistent attack targeting global telecommunications providers carried out by a threat actor using tools and techniques commonly associated with the Chinese-affiliated threat actor APT10. These bad actors still control the network today and have even built a VPN for their convenience.
The security firm detailed its findings in a new report titled Operation Soft Cell: A worldwide campaign against telecommunications providers which explains how hackers targeted phone providers in Europe, Asia, Africa and the Middle East. The hackers have been infecting multiple mobile carriers since 2012 and they used their control of these networks to steal hundreds of gigabytes of data on customers.
Head of security research at Cybereason, Amit Serper explained that the cybercriminals behind these attacks also have highly privileged access in addition to customer data, saying:
“They have all the usernames and passwords, and created a bunch of domain privileges for themselves, with more than one user. They can do whatever they want. Since they have such access, they could shut down the network tomorrow if they wanted to.”
Operation Soft Cell
According to Cybereason, no US mobile carriers were affected by the attacks but since the campaign has yet to be shutdown, this could possibly change in the future.
The cybercriminals responsible did have the power to disrupt the networks they infiltrated but instead chose to use their access for espionage as opposed to disruption. Once access was gained to a mobile carriers’ internal servers, the attackers were able to access customer records including geolocation data, call logs and text message records.
Despite having access to data on millions of people, the hackers instead chose to only steal data from fewer than 100 targeted victims. Vice president of security practices at Cybereason, Mor Levi believes that they likely targeted high-profile victims from governments and militaries around the world.
According to the firm’s research, the attackers exploited older vulnerabilities to gain access to over a dozen mobile carriers around the world. They then used their access to create accounts for themselves with escalated privileges and hid among the infected mobile carriers actual staff.
The sophisticated and targeted nature of the attack has led Cybereason to believe that the attackers were backed by a nation-state namely China as digital forensics point to the country’s elite hacking group APT10 being behind the attacks.
The potential implications of an attack this large that went on for so long are tremendous and we’ll likely learn more as Cybereason, the affected mobile carriers and governments around the world investigate the matter further.
- Keep your devices protected from the latest cyber threats with the best antivirus